{"id":12766,"date":"2026-03-07T01:01:48","date_gmt":"2026-03-07T01:01:48","guid":{"rendered":"https:\/\/division.iium.edu.my\/itd\/?page_id=12766"},"modified":"2026-04-02T01:08:42","modified_gmt":"2026-04-02T01:08:42","slug":"isms-introduction","status":"publish","type":"page","link":"https:\/\/division.iium.edu.my\/itd\/isms-introduction\/","title":{"rendered":"ISMS – Introduction"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Introduction<\/b><\/span><\/h3>

What is <\/span>ISO\/IEC 27001:2022?<\/strong><\/span><\/p>

ISO\/IEC 27001:2022<\/strong> is a globally recognized international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS)<\/strong> within an organization.<\/span><\/p>

This standard adopts a risk-based approach<\/strong> to information security, enabling organizations to systematically identify, assess, and manage information security risks. It ensures that appropriate controls are implemented to safeguard sensitive information against threats such as unauthorized access, data breaches, cyberattacks, and system failures.<\/span><\/p>

The ISMS framework integrates people, processes, and technology<\/strong>, ensuring that information security is not treated as a standalone technical function but as a comprehensive organizational responsibility. It encompasses policies, procedures, guidelines, and associated resources designed to protect information assets in all forms\u2014digital, physical, and intellectual.<\/span><\/p>

The 2022 revision introduces updated controls aligned with current cybersecurity challenges, including cloud security, threat intelligence, data masking, and secure development practices, making it highly relevant in today\u2019s rapidly evolving digital landscape.<\/span><\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The Background<\/span><\/h3>

The implementation of ISO\/IEC 27001 within the university aligns with national directives and institutional strategic priorities, as outlined below:<\/span><\/p>

  • 24 November 2010<\/strong><\/span>
    The Malaysian Administrative Modernisation and Management Planning Unit (MAMPU), under the Prime Minister\u2019s Department, issued a directive titled \u201cPelaksanaan Pensijilan MS ISO\/IEC 27001:2007 Dalam Sektor Awam\u201d<\/em>.<\/span>
    This initiative mandated all government agencies to adopt and implement ISO\/IEC 27001 certification to strengthen information security governance across the public sector. The directive marked the beginning of a structured, nationwide effort to enhance the protection of government information assets.<\/span>

    <\/li>
  • 2022<\/strong><\/span>
    Under the University Key Risk (UKR) No. 2: Comprehensive Information and Communication Technology Policy<\/strong>, ISMS certification was formally identified as a required deliverable<\/strong>.<\/span>
    This reflects the university\u2019s recognition of information security as a critical risk domain, particularly in safeguarding academic data, research outputs, administrative records, and digital services.<\/span>

    <\/li>
  • 7 February 2024<\/strong><\/span>
    The IIUM ISMS initiative<\/strong> was officially approved during the University Management Committee (UMC) Meeting No. 3\/2024<\/strong>.<\/span>
    This approval signified top management commitment towards institutionalizing a structured information security framework aligned with international standards.<\/span>

    <\/li>
  • 11 March 2025<\/strong><\/span>
    The scope of the IIUM ISMS implementation<\/strong> was endorsed during the ICT Committee Meeting No. 1\/2025<\/strong>.<\/span>
    This milestone established the boundaries and applicability of ISMS across selected kulliyyahs, divisions, and systems.<\/span>

    <\/li>
  • 23 May 2025<\/strong><\/span>
    The IIUM ISMS Kick-Off Meeting<\/strong> was successfully conducted, marking the formal commencement of the implementation phase.<\/span>
    The session was chaired by Prof. Emeritus Datuk Dr. Osman Bakar (IIUM Rector)<\/strong>, demonstrating strong leadership support and institutional commitment towards achieving ISO\/IEC 27001:2022 certification.<\/span><\/li><\/ul>

    \"\"<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    Introduction What is ISO\/IEC 27001:2022? ISO\/IEC 27001:2022 is a globally recognized international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS)<\/p>\n","protected":false},"author":37,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":{"1":"page","2":"type-page","3":"status-publish","4":"hentry"},"_links":{"self":[{"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/pages\/12766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/users\/37"}],"replies":[{"embeddable":true,"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/comments?post=12766"}],"version-history":[{"count":30,"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/pages\/12766\/revisions"}],"predecessor-version":[{"id":13515,"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/pages\/12766\/revisions\/13515"}],"wp:attachment":[{"href":"https:\/\/division.iium.edu.my\/itd\/wp-json\/wp\/v2\/media?parent=12766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}